04-08-2009 05:48 AM - edited 03-11-2019 08:16 AM
Hey guys,
I'm configuring a FWSM with 3.1(6) and need some help regarding NAT on the outside interface.
I'd like to know if it's possible to use nat-exemption on the outside interface without using a static as I'll be using the statics to translate from a global ip to a local one. So I'd have something like this:
nat (outside) 0 access-list nonat outside
access-list nonat permit 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0
So I could then, for example make a static translation such as:
static (inside,outside) 192.168.0.5 10.10.0.1 netmask 255.255.255.255
I'm trying that now but can't get any access unless I add an additional static such as:
static (inside,outside) 10.10.0.0 10.10.0.0 netmask 255.255.0.0
Does that make sense? What am I doing wrong?
Thanks,
Anthony
Solved! Go to Solution.
04-08-2009 06:42 AM
Anthony
Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.
Jon
04-08-2009 06:42 AM
Anthony
Not sure what you are trying to do here. Nat exemption is bi-directional so it will work both ways so apply it to the inside interface.
Jon
04-08-2009 06:52 AM
Hi Jon,
Perfect - I didn't know it worked like that!
Cheers for the help
Anthony
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: